Fixup some incorrect information and some comments. These changes

were cherry picked up the upstream OpenBSD repository. At some point we will look at doing another import, but the diffs are substantial and will require some careful testing. Differential Revision: https://reviews.freebsd.org/D25021 MFC after: 2 weeks Submitted by: gbe Reviewed by: myself, bcr
2020-07-28 20:06:16 +00:00 · 2020-07-28 20:06:16 +00:00 · 3008333d44
commit 3008333d44
parent f72e5be58a
12 changed files with 21 additions and 17 deletions
--- a/contrib/openbsm/CREDITS
+++ b/contrib/openbsm/CREDITS
@ -36,6 +36,9 @@ the development of OpenBSM:
    Ryan Steinmetz
    The FreeBSD Foundation
    Brooks Davis
+    Mateusz Piotrowski
+    Alan Somers
+    Aniket Pandey

 In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
 Software's FlexeLint tool were used to identify a number of bugs in the
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@ -712,7 +712,7 @@ auditd_config_controls(void)
 	 */
 	err = auditd_set_qsize();
 	if (err) {
-		auditd_log_err("audit_set_qsize() %s: %m",
+		auditd_log_err("auditd_set_qsize() %s: %m",
 		    auditd_strerror(err));
 		ret = -1;
 	} else
--- a/contrib/openbsm/bin/auditdistd/auditdistd.c
+++ b/contrib/openbsm/bin/auditdistd/auditdistd.c
@ -523,7 +523,7 @@ main_loop(void)
 		}
 		TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) {
 			if (adhost->adh_role == ADIST_ROLE_SENDER) {
-				/* Only sender workers asks for connections. */
+				/* Only sender workers ask for connections. */
 				PJDLOG_ASSERT(adhost->adh_conn != NULL);
 				fd = proto_descriptor(adhost->adh_conn);
 				PJDLOG_ASSERT(fd >= 0);
--- a/contrib/openbsm/bin/auditdistd/proto_tls.c
+++ b/contrib/openbsm/bin/auditdistd/proto_tls.c
@ -413,7 +413,7 @@ tls_exec_client(const char *user, int startfd, const char *srcaddr,
 	tls_certificate_verify(ssl, fingerprint);

 	/*
-	 * The following byte is send to make proto_connect_wait() to work.
+	 * The following byte is sent to make proto_connect_wait() work.
 	 */
 	connected = 1;
 	for (;;) {
@ -460,7 +460,7 @@ tls_call_exec_client(struct proto_conn *sock, const char *srcaddr,
 		proto_close(sock);
 	} else {
 		/*
-		 * The FD_CLOEXEC is cleared by dup2(2), so when we not
+		 * The FD_CLOEXEC is cleared by dup2(2), so when we do not
 		 * call it, we have to clear it by hand in case it is set.
 		 */
 		if (fcntl(startfd, F_SETFD, 0) == -1)
--- a/contrib/openbsm/libauditd/auditd_lib.c
+++ b/contrib/openbsm/libauditd/auditd_lib.c
@ -498,7 +498,7 @@ auditd_expire_trails(int (*warn_expired)(char *))
 			 * update the mtime of the trail file to the current
 			 * time. This is so we don't prematurely remove a trail
 			 * file that was created while the system clock reset
-			 * to the * "beginning of time" but later the system
+			 * to the "beginning of time" but later the system
 			 * clock is set to the correct current time.
 			 */
 			if (current_time >= JAN_01_2000 &&
--- a/contrib/openbsm/libbsm/au_control.3
+++ b/contrib/openbsm/libbsm/au_control.3
@ -201,7 +201,7 @@ converts an audit policy flags string,
 .Fa polstr ,
 to a numeric audit policy mask returned via
 .Fa policy .
-.Sh RETURN VALULES
+.Sh RETURN VALUES
 The
 .Fn getacfilesz ,
 .Fn getacdir ,
--- a/contrib/openbsm/libbsm/au_domain.3
+++ b/contrib/openbsm/libbsm/au_domain.3
@ -62,7 +62,7 @@ The
 function accepts a local domain, and returns the BSM domain for it.
 This call cannot fail, and instead returns a BSM domain indicating to a later
 decoder that the domain could not be encoded.
-.Sh RETURN VALULES
+.Sh RETURN VALUES
 On success,
 .Fn au_bsm_to_domain
 returns 0 and a converted domain; on failure, it returns -1 but does not set
--- a/contrib/openbsm/libbsm/au_errno.3
+++ b/contrib/openbsm/libbsm/au_errno.3
@ -76,7 +76,7 @@ function converts a BSM error value to a string, generally by converting first t
 local error number and using the local
 .Xr strerror 3
 function, but will also work for errors that are not locally defined.
-.Sh RETURN VALULES
+.Sh RETURN VALUES
 On success,
 .Fn au_bsm_to_errno
 returns 0 and a converted error value; on failure, it returns -1 but does not
--- a/contrib/openbsm/libbsm/au_socket_type.3
+++ b/contrib/openbsm/libbsm/au_socket_type.3
@ -61,7 +61,7 @@ operating system.
 function accepts a local socket type, and returns the BSM socket type for it.
 This call cannot fail, and instead returns a BSM socket type indicating to a
 later decoder that the socket type could not be encoded.
-.Sh RETURN VALULES
+.Sh RETURN VALUES
 On success,
 .Fn au_bsm_to_socket_type
 returns 0 and a converted socket type; on failure, it returns -1 but does not
--- a/contrib/openbsm/man/audit.log.5
+++ b/contrib/openbsm/man/audit.log.5
@ -102,7 +102,7 @@ token can be created using
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
 .It "Record Byte Count	4 bytes	Number of bytes in record"
-.It "Version Number	2 bytes	Record version number"
+.It "Version Number	1 byte	Record version number"
 .It "Event Type	2 bytes	Event type"
 .It "Event Modifier	2 bytes	Event sub-type"
 .It "Seconds	4/8 bytes	Record time stamp (32/64-bits)"
@ -126,7 +126,7 @@ token can be created using
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
 .It "Record Byte Count	4 bytes	Number of bytes in record"
-.It "Version Number	2 bytes	Record version number"
+.It "Version Number	1 byte	Record version number"
 .It "Event Type	2 bytes	Event type"
 .It "Event Modifier	2 bytes	Event sub-type"
 .It "Address Type/Length	1 byte	Host address type and length"
@ -325,7 +325,7 @@ or
 .It "Process ID	4 bytes	Process ID"
 .It "Session ID	4 bytes	Audit session ID"
 .It "Terminal Port ID	4/8 bytes	Terminal port ID (32/64-bits)"
-.It "Terminal Address Type/Length	1 byte	Length of machine address"
+.It "Terminal Address Type/Length	4 bytes	Length of machine address"
 .It "Terminal Machine Address	4 bytes	IPv4 or IPv6 address of machine"
 .El
 .Ss Return Token
--- a/contrib/openbsm/man/getaudit.2
+++ b/contrib/openbsm/man/getaudit.2
@ -24,7 +24,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd October 19, 2008
+.Dd March 14, 2018 
 .Dt GETAUDIT 2
 .Os
 .Sh NAME
@ -62,6 +62,7 @@ struct auditinfo {
 	au_mask_t      ai_mask;         /* Audit masks */
 	au_tid_t       ai_termid;       /* Terminal ID */
 	au_asid_t      ai_asid;         /* Audit session ID */
+	au_asflgs_t    ai_flags;        /* Audit session flags. */
 };
 typedef struct auditinfo        auditinfo_t;
 .Ed
--- a/contrib/openbsm/sys/bsm/audit.h
+++ b/contrib/openbsm/sys/bsm/audit.h
@ -46,7 +46,7 @@
 #define	MIN_AUDIT_FILE_SIZE	(512 * 1024)

 /*
- * Minimum noumber of free blocks on the filesystem containing the audit
+ * Minimum number of free blocks on the filesystem containing the audit
 * log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0
 * as the kernel does an unsigned compare, plus we want to leave a few blocks
 * free so userspace can terminate the log, etc.
@ -249,14 +249,14 @@ typedef	struct au_token	token_t;
 /*
 * Kernel audit queue control parameters:
 * 			Default:		Maximum:
- * 	aq_hiwater:	AQ_HIWATER (100)	AQ_MAXHIGH (10000) 
+ * 	aq_hiwater:	AQ_HIWATER (100)	AQ_MAXHIGH (10000)
 * 	aq_lowater:	AQ_LOWATER (10)		<aq_hiwater
 * 	aq_bufsz:	AQ_BUFSZ (32767)	AQ_MAXBUFSZ (1048576)
- * 	aq_delay:	20			20000 (not used) 
+ * 	aq_delay:	20			20000 (not used)
 */
 struct au_qctrl {
 	int	aq_hiwater;	/* Max # of audit recs in queue when */
-				/* threads with new ARs get blocked. */ 
+				/* threads with new ARs get blocked. */

 	int	aq_lowater;	/* # of audit recs in queue when */
 				/* blocked threads get unblocked. */